I wonder if it's safe to use JavaScript generator available at bitaddress.org.
Even if I'll generate it offline, how can I know if the algorithm is not using any pre-computed / pre-planned way of generating the addresses?

1 Answer
1

It is good to consider the security of a system in which you are relying.

The HTML and Javascript served is not obfuscated so the code is easily verified.

While there have been no formal security audits, at least not that I'm aware of, there are many people with strong skills in cryptography, programming, math and security that have looked at the code.

The method used to generate an address draws from other open source tools (e.g., Crypto-JS) as well as a subset of Bouncy Castle for the ECSDA ported to Javascript. In other words, BitAddress isn't doing anything that hasn't already been implemented elsewhere, it just implements them in Javascript.